Privacy Policy
Last updated: May 7, 2026
1. What we collect
When you create an account, we collect your email address and password (stored as a secure hash via Supabase Auth). When you use AI features, we temporarily process the text you paste (resumes, job descriptions) to generate results. That text is stored in your account history so you can retrieve it later.
2. How we use it
We use your data to operate the service: running AI scoring, generating summaries, and storing your history. We do not sell your data. Resume and job description text you paste is sent to Anthropic's Claude API to generate results; that processing is governed by Anthropic's privacy policy.
3. Your data is never used to train AI models
Candid.ai does not train, fine-tune, or otherwise improve any AI model using your data. We do not export resume text, candidate data, or recruiter prompts to any model training pipeline. We do not use your data to evaluate or benchmark models internally. We do not share your data with third parties for ML purposes.
Anthropic, our inference provider, also does not train on commercial API customer data by default, and we have not opted into any training program. Per Anthropic's policy: "By default, Anthropic does not use Inputs or Outputs from our commercial customers (including those using our API) to train our models."
We do not use third-party recruiting platform integrations (Bullhorn, LinkedIn Recruiter, Indeed, Greenhouse, Workday, etc.) to auto-pull candidate data. All candidate data in Candid.ai is entered manually by the recruiter.
4. Data storage
Your account data is stored in Supabase (hosted on AWS, US region). Your billing information is handled entirely by Square: we never store your credit card details. Row-level security ensures your data is only accessible to your account.
5. Cookies and tracking
We use session cookies for authentication. We do not use third-party advertising trackers or analytics beyond basic server logs.
6. Data deletion
You can soft-delete individual records from the History page or candidate slideout. For a full hard-delete (right-to-delete under GDPR / CCPA), use the in-product delete on a candidate or email us at privacy@candidai.app. We process account-level deletion requests within 30 days. See our public data flow document for full retention details.
7. Changes to this policy
We may update this policy. If we make material changes, we will email registered users before the changes take effect.
8. Contact
Questions? Email privacy@candidai.app.